Chaotic Security Blog


  • Started work on my Cybersecurity portfolio as I wanted to get that up and running again. So was able to dig out my old GitHub and dump out my old web testing stuff and update it some.

    I saw a nice tutorial by Josh Madakor over on YouTube to turn it into a profile of sorts that you could use to add your projects to. So took the template that he created and updated it using my details.

    Now just to work on some projects of my own.

  • While I like Let’s Defend it does like to skimp on things.

    Seems like some of the modules that you work on will have free content but then when you get to a certain module in the group it comes up as paid so you can’t complete the course route without it. That is just a bummer.

  • Been messing around on another site similar to TryHackMe called Let’s Defend. It was recommended in one of the videos that I was watching for Cyberwox. It seems similar as they allow you to go through and read course material and answer questions to complete modules.

    The thing I like about this site is they have a simulated SIEM environment as well with alerts that you can work through. 

    I had looked at this last year but never got around to creating an account. 

    Working through the lesson and practicing the SIEM is nice. It simulates a playbook-style setup where you follow the playbook to help answer if the alert is true positive or false positive in some cases. So after going through the answering of questions, you get a score at the end to see how you did. You can even replay some if you want but it doesn’t rescore you. 

    A good way to practice with SIEMs and alerts you might get in a cybersecurity role. 

  • In my current job role, I work in application support and I have done so for the same company for a while. So I have worked myself into a bit of a hole where there is not much to move up to as I have reached the top level of my support role. If I want to do something else I would need to move more into an engineering role that would put me more on the back end of things or management.

    I have never been much of a management person as I like to use my technical abilities to work on issues. My company seems to be trying to shift focus as well as they came out of the gate this year with wanting to have employees do more career planning. This was something they never really did in the past but it is a good thing. Sadly doesn’t look like they have any cybersecurity positions available here stateside as most of them are in Manila or India, but here is hoping something might turn up to align with my studies. 

  • I listened to the Cyberwire podcast and found a bit of humorous detail (to me). They talk about watering hole attacks where you create a fake website or portal where you try to guide the users so they will log in with their legitimate credentials. A group decided a few years ago to create this type of attack and base it around religious sites. They were successful in pulling off this attempt and it was tagged as a Holy Water attack. Just found that a bit funny.

  • As I look over things like LinkedIn and watch videos on YouTube a lot of those that start in cybersecurity seem to push and suggest a lot of networking and making sure your resume and portfolio are up to date.

    Just reminds me more I need to get those things created. I have an old GitHub I created back when I was doing web design stuff and have had my domain for years but never really used it much.

  • Going over a bit of material as I wanted to refresh my Network+ knowledge. It has been a few years since I got my Network+ cert way back in 2007. While it doesn’t expire I haven’t had much network experience that would require me to use it. Might need to pick up a Network+ book again and give myself a refresher.

  • As I have been reviewing job listings seems like Splunk and ELK come up a lot as they seem to be SIEMs that a lot of companies use to digest and create information related to security alerts. Luckily, TryHackMe has a section dedicated to them as well.

  • Been jumping around a bit on the TryHackMe site. I have been going through the SOC 1 learning path and it has been interesting but sometimes seems to take you on things that you might not be interested in learning. I was interested in learning more about log analysis but that didn’t seem to come up until like the SOC 2 course.

    So jumped over to that course for a bit and ran through some of the log analysis rooms they had. Luckily the site doesn’t lock you in once you start down a path. So if you get tired of slogging through one section you can move to another and come back when you want.

  • Home Lab stuff

    Did some more messing around with home lab stuff. 

    Messing around with installing some endpoints like a Windows server and Ubuntu Desktop to get some practice in the environments. My trial of VMware ran out and wasn’t looking to purchase a license for it so switched everything to Oracle VirtualBox for a free VM to mess around with. 

    Been working well so far. 
